CVE-2025-2586

Name: CVE-2025-2586
Creator: NVD / NIST
Published: 2025-03-31T12:15:15.073+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.49%

Last modified Jun 25, 2026

CVE-2025-2586 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. EPSS estimates a 0.49% chance of exploitation in the next 30 days.

Description

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.49%

38.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

References

Timeline

Published: Mar 31, 2025
Last Modified: Jun 25, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-2586?

How severe is CVE-2025-2586?

CVE-2025-2586 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.49% probability of exploitation in the next 30 days.

How do I fix CVE-2025-2586?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-2586?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST